The present invention relates to a digital signature technique, and in particular, to a digital signature technique suitably increasing credibility of a digital signature to authenticate a message or a document.
In electronic commerce, online shopping, and the like, a digital or electronic signature technique is used to prove that data (of a message or a document) received is data transmitted from a particular sender to thereby prevent so-called “personation” in which a person pretends to be another person.
In the digital signature, the contents of the message are guaranteed using, for example, a hash value thereof to prevent falsification of the message.
For example, JP-A-2001-331104, JP-A-2001-331105, and EP1094424A2 describe techniques of the prior art to improve credibility of the digital signature.
These articles describe techniques in which when a new signature is written or generated, information of signature log up to the point of time is reflected in the new signature. In other words, according to the techniques, signature information of the generated new signature is added to the signature log each time signature is generated. As a result, all items of the signature thus generated are related to each other in a chained configuration. In authentication of signature, the signature and the chain thereof are proved, and hence falsification of the signature becomes more difficult.
To further increase credibility, JP-A-2001-331104 and the corresponding European Patent Application EP1094424A2 describe a “log chain crossing” technique. In the technique, when a signature is received from the other party, information of signature log is generated for the received signature to thereby incorporate the signature information of the communicating other party in the receiver's signature log.
When the processing is executed in both communicating parties, the signature log up to when the latest signature was generated is stored mutually in the parties. Therefore, even when one of the parties loses his or her signature log, it is possible to restore the log by using the signature log entry stored in the other party.
However, above-mentioned articles describe neither specific information to be stored in the signature log nor an actual concrete method to implement the log chain crossing. Since the signature log is required to prove the signature chain, the signature log of a party is open to the other parties in some cases, and hence privacy of the party cannot be kept.